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1) REAL PARTY IN INTEREST 

The real party in interest is the Assignee, International Business Machines Corporation ("IBM"). 

2) RELATED APPEALS AND INTERFERENCES 

Appellants, the Appellants 5 legal representative, and the assignee, have no personal knowledge of 
any other appeals or interferences which will directly affect or be directly affected by or have a 
bearing on the Board's decision in the pending appeal. 

3) STATUS OF CLAIMS 

Claims 1-5 and 7-20 stand rejected. Claim 6 has been cancelled from the application without 
prejudice. Claims 1 - 5 and 7 - 20 are under appeal. 

4) STATUS OF AMENDMENTS 

An Amendment After Final Rejection was filed on October 10, 2005, responsive to the Final 
Rejection mailed on August 1 1 , 2005. This amendment has been reviewed by the Examiner, and 
has been denied entry. 

5) SUMMARY OF CLAIMED SUBJECT MATTER 

1. Appellants' independent Claims 1, 13, and 14 specify elements of "obtaining credentials 
of a user who requests to access an aggregated service" (Claim 1, line 3, emphasis added); 
"locating, in a network-accessible registry, a service description document specifying a 
provisioning interface for the aggregated service, the aggregated service comprising an 
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aggregation of a plurality of sub-services and the provisioning interface specifying how to invoke 
identity functions of the aggregated service" (Claim 1, lines 4-7, emphasis added); "analyzing 
the obtained credentials by invoking one or more of the identity functions, according to the 
specification thereof in the provisioning interface, to determine whether the user is authenticated 
for, and/or is authorized for, accessing the aggregated service" (Claim 1, lines 8-10, emphasis 
added); and "allowing the user to access the aggregated service only if the analyzing step has a 
successful result" (Claim 1, lines 11-12). 

2. In other words, there is a service, referred to as an "aggregated service", that comprises an 
aggregation of a plurality of sub-services (Specification, p. 1 1, lines 1 - 3; p. 12, lines 8 - 9), and 
a service description document in a network-accessible registry specifies a provisioning interface 
for this aggregated service (Specification, p. 17, lines 6 - 13; p. 21, lines 15-20; Figs. 5 A - 5E). 
This provisioning interface, in turn, specifies how to invoke identity functions (e.g., 
authentication and authorization functions) of the aggregated service (Specification, p. 28, lines 6 
- 7; p. 30, lines 15-17; Fig. 6). As one example, an aggregated e-mail service might comprise a 
first sub-service used to establish e-mail accounts for users and a second sub-service with which 
the users can access their e-mail messages. Specification, p. 20, lines 1 1 - 20. 

3. Dependent Claim 2 specifies "wherein an implementation of each of the identify [note, 
should say "identity "] fiinctions of the aggregated service is provided by at least one of the sub- 
services" (Claim 2, lines 1-3, emphasis added). For example, one sub-service may provide an 
authentication function, while another sub-service provides an authorization function. 
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Specification, p. 23, lines 3 - 9 and lines 15-17 discuss a scenario where a sub-service 
"ServiceABC" provides an implementation of an identity function (a function that can be used, in 
this example, to determine what provisioning system stores information about the user), where 
the information obtained from this (sub-)service can then be passed to other (sub-)services. See 
also p. 25, lines 11-15, which discuss a "remote service" (i.e., a remote sub-service) which can 
authenticate the requester; this authentication comprises an identity function. 

4. Dependent Claim 3 specifies an element of "at least one of the sub-services [of which the 
aggregated service is comprised] has a local provisioning interface, the local provisioning 
interface specified in a corresponding service description document and comprising a 
specification of how to invoke one or more identity functions of the sub-service " (Claim 3, lines 
2-4, emphasis added). That is, there is an additional service description document, for this at 
least one sub-service. Specification, p. 21, lines 2-3 discusses documents that define operations 
provided by the sub-services. The local provisioning interface can be used to control access to 
the sub-services (Claim 3, lines 7-13). 

5. Dependent Claim 7 specifies an element of "programmaticallv relaying [identity 
information obtained from invoking identity function(s)] among at least two of the sub-services 
of the aggregated service" (Claim 7, lines 1 - 3, emphasis added). Specification, p. 9, lines 2 - 6; 
p. 29, lines 15 -17. 



6. Dependent Claim 1 8 specifies elements of " at least two of the sub-services each have 
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associated therewith an identity system for access control thereto" (Claim 18, lines 2-3, 
emphasis added; Specification, p. 23, lines 3 - 9 and 15 - 17; p. 25, lines 11-15; Block 650 of 
Fig. 6 and associated text on p. 31, lines 11-13); "at least two of the associated identity systems 
are heterogeneous" (Claim 18, line 4, emphasis added; Specification, p. 7, lines 1 1 - 12; p. 1 1, 
lines 4 - 7; p. 32, line 20); and "at least one selected one of the identity functions of the 
aggregated service enables dynamically joining at least two of the heterogeneous identity 
systems" (Claim 18, lines 5-6, emphasis added; Specification, p. 11, lines 4 - 5; p. 21, line 15; 
p. 32, line 20). 

7. Dependent Claim 19 specifies an element of "[an] identity function, upon invocation, 
identifies the identity system that stores information pertaining to users of the sub-service with 
which that identity system is associated" (Claim 19, lines 1 - 3, emphasis added). An example is 
provided whereby the provisioning interface of a sub-service "ServiceABC" is queried to 
determine the identifier of its provisioning service, and that identifier is returned from a service 
invocation. See Fig. 5A, elements 502 and 504, and the corresponding text on p. 23, lines 3-17 
(and in particular, lines 5-7 and 14 - 17). 

8. Dependent Claim 20 specifies an element of "the dynamic joining [of heterogeneous 
identity systems] is enabled by relaying the identification of the identity system [where this 
identification is obtained by invoking an identity function] among the dynamically-joined 
identity systems" (Claim 20, lines 1-2, emphasis added). Specification, p. 9, lines 2 - 5; p. 32, 
lines 19 - 20; Abstract, lines 6-7. See also the "provID" parameter of the request messages 
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described at elements 506, 510, 514, 518, 522, 526, and 530 of Fig. 5, where this parameter is 
described (Specification, p. 23, lines 13 - 17) as one way of relaying the identifier obtained from 
the response message at 504 on invocations of request messages. 

9. Independent Claims 13-14 include means plus function terminology (although in the 
unentered amendment dated October 10, 2005, the "means" terminology was removed from 
independent Claim 14), Structure, material, or acts supporting this terminology are described in 
Appellants' specification, as will now be described. 

1 0. With regard to the "means for obtaining credentials" element of independent Claims 1 3 
and 14, the text on p. 29, lines 8-12 describes obtaining a user identifier and password, or other 
types of user credentials; see also Block 600 of Fig. 6. For the "means for locating" element of 
independent Claims 13 and 14, see p. 17, lines 9 - 13, stating that a Web Services Description 
Language ("WSDL") document (an example of which is provided by the WSDL fragment in 
Figs. 5A - 5E) representing a provisioning interface can be registered in a registry, and can then 
be "located and bound to" at run time. For the "means for analyzing" element of independent 
Claims 13 and 14, see p. 29, lines 8-14, which discuss passing a user identifier and password to 
an authentication service; see also Block 650 of Fig. 6 and its corresponding text on p. 31, lines 
12-13, which discuss using an operation-specific authentication service for a particular 
operation of the aggregated service, and Block 670 of Fig. 6 and its corresponding text on p. 31, 
lines 17-18 and p. 32, lines 1-2, which discuss deterrnining the user's operation-specific 
authorization . With regard to the "means for allowing" element of independent Claims 13 and 
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14, see Blocks 620 and 640 of Fig, 6 and their corresponding text on p. 30, lines 19 - 20 and p. 
3 1 , lines 4 - 6; see also the text on p. 32, lines 3-9, discussing a scenario where an error message 
may be generated if the user is not authorized for performing a particular operation in a flow. 

6) GROUND OF REJECTION TO BE REVIEWED ON APPEAL 

1 1 . The ground of rejection presented for review is whether Claims 1 - 5 and 7 - 20 are 
anticipated under 35 U.S.C. § 102(e) by U. S. Patent 6,839,680 to Liu et al. (hereinafter, "Liu"). 

7) ARGUMENT 

12. Paragraph 4 of the Office Action dated August 1 1 , 2005 (hereinafter, "the Office Action") 
states that Claims 1-5 and 7 - 20 are rejected under 35 U.S.C. § 102(e) as being anticipated by U. 
S. Patent 6,839,680 to Lin. Of these claims, the independent claims are 1, 13, and 14. 

13. Appellants respectfully submit that a prima facie case of anticipation under 35 U.S.C. 
§102 has not been made out as to their Claims 1 - 5 and 7 - 20. Section 706.02 of the MPEP, 
"Rejection on Prior Art", states in Section IV, "Distinction Between 35 U.S.C. 102 and 103", the 
requirements for establishing a prima facie case of anticipation under this statute, noting that "... 
for anticipation under 35 U.S.C. 102, the reference must teach every aspect of the claimed 
invention either explicitly or impliedly" (emphasis added). This requirement is also stated in 
MPEP §2131, "Anticipation ~ Application of 35 U.S.C. 102(a), (b), and (e)", which states (in its 
final paragraph) "A claim is anticipated only if each and every element as set forth in the claim is 
found, either expressly or inherently described, in a single prior art reference", quoting Verdegaal 
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Bros. v. Union Oil Co. of California, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987), 
emphasis added. This final paragraph of MPEP §2131 also states "The elements must be 
arranged as required by the claim quoting In re Bond, 910 F.2d 831, 15 USPQ2d 1566 (Fed. 
Cir. 1990), emphasis added. 

14. Furthermore, Appellants are entitled to have all words of their claimed invention 
considered when determining patentability. See Section 2143.03 of the MPEP, "All Claim 
Limitations Must Be Taught or Suggested", referencing In re Wilson, 165 USPQ 494, 496 
(C.C.P.A. 1970), which stated "All words in a claim must be considered in judging the 
patentability of that claim against the prior art" (emphasis added). 

15. The burden for rebutting a rejection under 35 U.S.C. 102 does not pass to Appellants 
until a prima facie case of anticipation has been made out. See In re Bass, 111 USPQ 178, 186 
(C.C.P.A. 1973), which held: 

From the evidence available to it, the initial burden of making out a prima 

facie case of prior invention is on the Patent Office When the Patent Office 

has made out a prima facie case of priority the burden would then shift to the 
applicant to rebut it. 

Accordingly, Appellants respectfully submit that the burden has not passed. For the sake of 
expediency, Appellants will, however, provide a rebuttal herein of the analysis provided in the 
Office Action. 
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7.1) Rejection of Independent Claims 1, 13, and 14 

1 6. Appellants respectfully submit that Liu fails to teach all limitations of their independent 
Claims 1, 13, and 14 and in particular, does not teach "each and every element" or "all words' 5 
of these claims. The Office Action analysis therefore fails to make out a prima facie case of 
anticipation, in violation of the above-quoted MPEP §706.02, §2131, and §2143.03, as will now 
be demonstrated. 

17. Page 3, line 1 - p. 4, line 10 of the Office Action analyzes Appellants' independent Claim 
1 . This analysis will now be described. 

1 8. Claim 1 , line 3 specifies "... a user who requests to access an a ggregated service" 
(emphasis added). Page 3, line 4 of the Office Action cites Liu's Abstract and col. 6, lines 39 - 
56. Appellants have defined an "aggregated service" as "an aggregation of a plurality of sub- 
services " in their claim language on lines 5 - 6 of Claim 1 (emphasis added). Appellants find no 
discussion, nor any suggestion, in Liu's Abstract of a user requesting to access this type of 
aggregated service. Instead, Liu's Abstract simply talks about users accessing "multiple web 
sites, servers and domains" (Abstract, lines 2 - 3), with no suggestion that these web sites, server, 
and domains are in any way aggregated to form an aggregated service . Similarly, no teaching or 
suggestion of a user requesting to access an aggregated service is found in col. 6, lines 39-56 
(which discuss users visiting web sites, and protecting user identities and personal information). 



1 9. The element on lines 4 - 
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limitations not taught, or suggested, by Liu. Page 3, lines 8-9 of the Office Action cite Liu's 
Fig. 10, reference number 724 as teaching this element of Appellants 5 Claim 1, stating that 
reference number 724 includes "an aggregation of a plurality of sub-services". Fig. 10 shows a 
plurality of systems 919, 941, and 955, which together comprise aggregator system 724. 
However, this element of Appellants' claim language specifies a number of limitations which 
have not been addressed in the Office Action. For example, no citation is provided for: 

• "a network-accessible registry" (Claim 1, line 4); 

• "a service description document" (Claim 1, line 4); 

• " locating [a service description document] in a network-accessible registry" 
(Claim 1, line 4, emphasis added); 

• "a provisioning interface for [an] aggregated service" (Claim 1, lines 4-5, 
emphasis added); 

• "a service description document [that] specifies] a provisioning interface ..." 
(Claim 1, lines 4-5, emphasis added); or 

a "provisioning interface ... [that specifies] how to invoke identity functions of 
[an] aggregated service" (Claim 1, lines 6-7, emphasis added). 

20. The element on lines 8 - 10 of Appellants' independent Claim 1 also specifies limitations 
not taught, or suggested, by Liu. In particular, this claim language specifies "analyzing [user] 
credentials by invoking ... identity functions, according to the specification thereof in the 
provisioning interface ..." (Claim 1, lines 8-9, emphasis added). Page 3, line 10 - p. 4, line 8 of 
the Office Action cites col. 16, line 59- of Liu as teaching these limitations (although Appellants 
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find the text quoted in the Office Action in col. 6, line 44 - col. 7, line 3). This quoted text 
discusses identifying a user with an "opaque visitor identifier". However, Appellants find no 
teaching, nor any suggestion, in Liu of a provisioning interface which in any way specifies 
identity functions (and Appellants further note that their provisioning interface is specified in a 
"service description document" that is located "in a network-accessible registry"; as has been 
discussed above in paragraph 1 9, Liu has no teaching or suggestion of a provisioning interface 
with these limitations). 

21 . Accordingly, the Office Action fails to cite a reference that teaches each and every 
element of Appellants' independent Claim 1, and fails to cite a references that teaches all words 
of this claim language. 

22. Appellants' independent Claims 13 and 14 specify analogous limitations to those which 
have been discussed, above, in paragraphs 18-20. The Office Action fails to provide any 
discussion of these independent claims. However, Appellants assert the same arguments 
presented in paragraphs 1 8 - 20, above, for the allowability of these claims over the teachings of 
Liu. 

23. Appellants therefore respectfully submit that the Office Action fails to make out a prima 
facie case of anticipation as to independent Claims 1,13, and 14, in violation of the above- 
quoted MPEP §706.02, §2131, and §2143.03. Without more, these claims are deemed 
patentable. See In re Oetiker, 24 USPQ 2d 1443, 1444 (Fed. Cir. 1992), which stated: 
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If the examination at the initial stage does not produce a prima facie case of 
unpatentability, then without more the applicant is entitled to grant of the patent. 

7.2) Rejection of Dependent Claim 2 

24. Page 4, lines 1 1 - 1 8 of the Office Action discuss dependent Claim 2. Appellants' 
dependent Claim 2 pertains to "an implementation of ... identify [note a typographical error; 
should say "identity"] functions". The quoted text of the Office Action discusses two 
"subsystems", one which generates "daily aggregates" and another which generates "the higher 
level of aggregation (aggregation over weeks, months, quarters or years ...)". This quoted text m 
noway pertains to identity functions (and Appellants note that the word "identity" has been used 
on line 1 1 of the Office Action, indicating that Appellants' intended claim language was 
analyzed, in spite of the typographical error in Claim 2). 

25. Because the cited text fails to teach each and every element of Appellants' dependent 
Claim 2, and fails to teach all words of this claim language, Appellants respectfully submit that 
the Office Action fails to make out a prima facie case of anticipation as to dependent Claim 2, 
and without more, this claim is deemed patentable. (This dependent claim is also deemed 
patentable by virtue of the allowability of the independent claim from which it depends.) 

73) Rejection of Dependent Claim 3 

26. Page 4, line 19 - p. 5, line 9 of the Office Action discuss dependent Claim 3. Appellants' 
dependent Claim 3 pertains to "a local provisioning interface" of at least one sub-service (Claim 
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3, line 2). This analysis will now be discussed in more detail. 



27. The cited text from col. 28, line 48 - col. 29, line 50 of Liu (cited for the first element of 
Claim 3) pertains to aggregating collections of event records (i.e., aggregating data). Appellants 
respectfully submit that this cited text fails to teach anything about sub-services that have 
provisioning interfaces, including: 

• provisioning interfaces that are "specified in a corresponding service description 
document " (Claim 3, lines 2-3, emphasis added); and 

provisioning interfaces that specify "how to invoke one or more identity functions 
of the sub-service" (Claims 3, lines 2-4, emphasis added). 



28. The cited text from col. 6, line 39 - col. 7, line 20 and col. 67, line 1- of Liu (cited for the 
second through final element of Claim 3) also fails to teach anything about sub-services that have 
provisioning interfaces, and in particular, fails to teach provisioning interfaces that have identity 
functions (in contrast to Appellants' claim language, which specifies "the identity functions in 
the provisioning interface ... are selected from the local provisioning interfaces"; Claim 3, lines 5 
-6). 



29. Because the cited text fails to teach each and every element of Appellants' dependent 
Claim 3, and fails to teach all words of this claim language, Appellants respectfully submit that 
the Office Action fails to make out a prima facie case of anticipation as to dependent Claim 3, 
and without more, this claim is deemed patentable. (This dependent claim is also deemed 
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patentable by virtue of the allowability of the independent claim from which it depends,) 

7.4) Rejection of Dependent Claim 4 

30. Dependent Claim 4 stands or falls with independent Claim 1, from which it depends. 
Thus, this claim is deemed allowable by virtue of the allowability of the independent claim. 

7.5) Rejection of Dependent Claim 18 

3 1 . Page 6, lines 5 - 7 of the Office Action discuss dependent Claim 1 8. Appellants' 
dependent Claim 18 pertains to sub-services which have heterogeneous identity systems 
associated therewith ("at least two of the associated identity systems [of at least two of the sub- 
services] are heterogeneous"; Claim 18, lines 2 - 4). The Office Action cites col. 6, line 59 - col. 
7, line 19 as teaching all limitations of this dependent claim. However, Appellants find no 
discussion in this text of heterogeneous identity systems, in contrast to the limitations on line 4 of 
Claim 18, or of "dynamically joining at least two of the heterogeneous identity systems", in 
contrast to the limitations on lines 5 - 6 of Claim 1 8. 

32. Because the cited text fails to teach each and every element of Appellants' dependent 
Claim 18, and fails to teach all words of this claim language, Appellants respectfully submit that 
the Office Action fails to make out a prima facie case of anticipation as to dependent Claim 18, 
and without more, this claim is deemed patentable. (This dependent claim is also deemed 
patentable by virtue of the allowability of the independent claim from which it depends.) 
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7.6) Rejection of Dependent Claims 5, 7 - 12, 15 - 17, and 19 - 20 

33. The Office Action fails to discuss dependent Claims 5, 7 - 12, 15 - 17, and 19 - 20. 
Accordingly, a prima facie case of anticipation has not been made out as to these claims, and 
without more, these claims are deemed patentable. (These dependent claims are also deemed 
patentable by virtue of the allowability of the independent claim from which they depend.) 

8) CONCLUSION 

For the reasons set out above, Appellants respectfully contend that each appealed claim is 
patentable, and respectfully requests that Examiner's Final Rejection of appealed Claims 1-5 
and 7-20 should be reversed. 



Respectfully submitted, 




Marcia L. Doubet 
Attorney for Appellants 
Reg. No. 40,999 



Customer Number for Correspondence: 43 1 68 
Phone: 407-343-7586 
Fax: 407-343-7587 
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k CLAIMS APPENDIX 



CLAIMS AS CURRENTLY PRESENTED: 

1 Claim 1 : A computer-implemented method of provisioning an aggregated service in a computing 

2 network, comprising steps of: 

3 obtaining credentials of a user who requests to access an aggregated service; 

4 locating, in a network-accessible registry, a service description document specifying a 

5 provisioning interface for the aggregated service, the aggregated service comprising an 

6 aggregation of a plurality of sub-services and the provisioning interface specifying how to invoke 

7 identity functions of the aggregated service; 

8 analyzing the obtained credentials by invoking one or more of the identity functions, 

9 according to the specification thereof in the provisioning interface, to determine whether the user 

10 is authenticated for, and/or is authorized for, accessing the aggregated service; and 

1 1 allowing the user to access the aggregated service only if the analyzing step has a 

1 2 successful result 

1 Claim 2: The computer-implemented method according to Claim 1, wherein an implementation 

2 of each of the identify functions of the aggregated service is provided by at least one of the sub- 

3 services. 



1 Claim 3: The computer-implemented method according to Claim 1, wherein: 

2 at least one of the sub-services has a local provisioning interface, the local provisioning 

3 interface specified in a corresponding service description document and comprising a 
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4 specification of how to invoke one or more identity functions of the sub-service; and 

5 the identity functions in the provisioning interface of the aggregated service are selected 

6 from the local provisioning interfaces; and further comprising the step of: 

7 controlling access to each of the sub-services having the local provisioning interface, 

8 further comprising the steps of: 

9 determining whether the user is authenticated for, and/or authorized for, accessing 

10 the sub-service by invoking at least one of the one or more identity functions of the sub-service, 

1 1 according to the specification thereof in the local provisioning interface; and 

12 allowing the user to access the sub-service only if the determining step has a 

1 3 successful result. 

1 Claim 4: The computer-implemented method according to Claim 3, wherein: 

2 the step of obtaining credentials of the user also obtains sub-service credentials for at 

3 least one of the sub-services having the local provisioning interface; and 

4 the determining step uses the obtained sub-service credentials. 

1 Claim 5: The computer-implemented method according to Claim 1, wherein: 

2 one or more operations of at least one of the sub-services is access-protected; 

3 the obtaining step further comprises obtaining, for at least one of the access-protected 

4 operations, operation-specific credentials of the user; and further comprising the step of: 

5 controlling access to each of at least one of the access-protected operations, further 

6 comprising the steps of: 
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7 analyzing the obtained operation-specific credentials by invoking one of more of the 

8 identity functions, according to the specification thereof in the provisioning interface, to 

9 determine whether the user can access the access-protected operation; and 

1 0 allowing the user to access the access-protected operation only if the step of analyzing the 

1 1 obtained operation-specific credentials has a successful result. 



Claim 6 (canceled) 



1 Claim 7: The computer-implemented method according to Claim 1, wherein identity information 

2 obtained by invoking one or more of the identity functions is programmatically relayed among at 

3 least two of the sub-services of the aggregated service. 

1 Claim 8: The computer-implemented method according to Claim 7, wherein the programmatic 

2 relaying comprises sending a message which specifies the identity information in a header of the 

3 message and which specifies a service request in a body of the message. 

1 Claim 9: The computer-implemented method according to Claim 8, wherein the message is a 

2 SOAP ("Simple Object Access Protocol") message. 

1 Claim 10: The computer-implemented method according to Claim 1, wherein the service 

2 description document is specified in a markup language. 
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1 Claim 11: The computer-implemented method according to Claim 10, wherein the markup 

2 language is Web Services Description Language ("WSDL"). 

1 Claim 12: The computer-implemented method according to Claim 2, wherein the network- 

2 accessible registry is accessed using standardized messages. 



1 Claim 1 3: A system for provisioning an aggregated service in a computing network, comprising: 

2 means for defining a provisioning interface of the aggregated service; 

3 means for specifying the provisioning interface in a service description document; 

4 means for obtaining credentials of a user who requests to access an aggregated service; 

5 means for locating, in a network-accessible registry, a service description document 

6 specifying a provisioning interface for the aggregated service, the aggregated service comprising 

7 an aggregation of a plurality of sub-services and the provisioning interface specifying how to 

8 invoke identity functions of the aggregated service; 

9 means for analyzing the obtained credentials by invoking one or more of the identity 

10 functions, according to the specification thereof in the provisioning interface, to determine 

1 1 whether the user is authenticated for, and/or is authorized for, accessing the aggregated service; 

12 and 

13 means for allowing the user to access the aggregated service only if the means for 

14 analyzing has a successful result 
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Claim 14: A computer program product for provisioning an aggregated service in a computing 
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2 network, the computer program product embodied on one or more computer-readable media and 

3 comprising: 

4 computer-readable program code means for obtaining credentials of a user who requests 

5 " to access an aggregated service; 

6 computer-readable program code means for locating, in a network-accessible registry, a 

7 service description document specifying a provisioning interface for the aggregated service, the 

8 aggregated service comprising an aggregation of a plurality of sub-services and the provisioning 

9 interface specifying how to invoke identity functions of the aggregated service; 

10 computer-readable program code means for analyzing the obtained credentials by 

1 1 invoking one or more of the identity functions, according to the specification thereof in the 

12 provisioning interface, to determine whether the user is authenticated for, and/or is authorized 

1 3 for, accessing the aggregated service; and 

14 computer-readable program code means for allowing the user to access the aggregated 

1 5 service only if the computer-readable program code means for analyzing has a successful result. 

1 Claim 15: The method according to Claim 1, wherein an implementation of at least one of the 

2 sub-services is located dynamically, at run-time. 

1 Claim 16: The method according to Claim 7, wherein the identity information is initially 

2 obtained as a result of the analyzing step. 



1 



Claim 17: The method according to Claim 7, wherein the identity information comprises an 
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2 authentication token generated by one of the invoked identity functions. 

1 Claim 18: The method according to Claim 1, wherein: 

2 at least two of the sub-services each have associated therewith an identity system for 

3 . access control thereto; 

4 at least two of the associated identity systems are heterogeneous; and 

5 at least one selected one of the identity functions of the aggregated service enables 

6 dynamically joining at least two of the heterogeneous identity systems. 

1 Claim 19: The method according to Claim 18, wherein the at least one selected identity function, 

2 upon invocation, identifies the identity system that stores information pertaining to users of the 

3 sub-service with which that identity system is associated. 

1 Claim 20: The method according to Claim 1 9, wherein the dynamic joining is enabled by 

2 relaying the identification of the identity system among the dynamically-joined identity systems. 
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EVIDENCE APPENDIX 

Appellants, the Appellants' legal representative, and the assignee have no personal knowledge of 
evidence requiring separate identification herein as bearing on this Appeal. 
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RELATED PROCEEDINGS APPENDIX 

No related proceedings are personally known to Appellants, the Appellants' legal representative, 
or the assignee. 
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